HP ProCurve Secure Router 7203 dl Advanced Management And Configuration Manual page 696
Secure router
Hide thumbs
Also See for ProCurve Secure Router 7203 dl:
- Configuration manual (1114 pages) ,
- Reference manual (1455 pages) ,
- Product end-of-life disassembly instructions (2 pages)
Table of Contents
Advertisement
IP Routing—Configuring RIP, OSPF, BGP, and PBR
Configuring BGP
N o t e
13-82
If you want to use the prefix list to create more complicated policies, you
should apply it to a route map entry instead of to the BGP neighbor. You can
then configure the policy in the route map entry and apply the route map to
the neighbor. See "Configuring Route Maps: Creating More Complex Policies
for Route Exchange" on page 13-86 for more information on this option.
Permitting Remote Private Routes and Filtering Out External
Routes. Very often, rather than storing external routes to every network in
the Internet, a router simply stores a default route for all external traffic. In
this case, the router does not need external routes from its ISP router. The
router should accept only routes to private remote sites, which the ISP router
has tunneled to it.
You should configure a filter for inbound data to screen out all routes except
those to the remote networks. For example, suppose your organization uses
the private network address 10.1.X.0 /24 for its sites, the X being replaced by
a different number at each site. You would configure an entry that permits any
24-bit network in the 10.1.0.0 /16 range.
ProCurve(config)# ip prefix-list FilterIn seq 1 permit 10.1.0.0/16 ge 24 le 24
You would then apply the list to the neighbor:
ProCurve(config-bgp-neighbor)# prefix-list FilterIn in
You can filter the routes you receive from an ISP on the local router as
described. However, since BGP updates consume bandwidth, and bandwidth
costs money, you should consider requesting that your ISP filter out these
routes at its end. In this way, your router will not receive unnecessary routes
in the first place. You should still leave the internal filter in place in case the
ISP router inadvertently sends out routes that it should not.
Preventing the Router from Advertising External Traffic. A common
BGP application is multihoming. Multihoming allows you to connect to two
ISPs and advertise certain routes to one ISP and certain routes to the other ISP.
An unintended consequence of multihoming is that the ISPs can advertise
routes to each other through your local network, which can then become a
transit network for external traffic. (See Figure 13-18).
Advertisement
Chapters
Table of Contents
Troubleshooting
